Sounds like there is a DDL trigger. Check
SELECT * FROM sys.triggers WHERE parent_class_desc = 'DATABASE'
SELECT *FROM sys.server_triggers
Run these queries with an account that is sysadmin.
Granting User Database Permissions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 16%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
cenko2
41
Reputation points
We created a database user which has a default schema other than dbo in SQL Server 2016. It will only have DDL and DML permissions to the default schema. And this user will also be used in Azure DevOps to deploy a dacpac change using sqlpackage utility to the default schema. It has been given deny permissions in the dbo schema. Below are the current permissions of the user.
However, when trying to create a table within the default schema, it gave the following error:
"VIEW SERVER STATE permission was denied on object 'server', database 'master'.
The user does not have permission to perform this action."
Why would it need the VIEW SERVER STATE permission when it already has a CREATE permission granted to it?
Any suggestions to accomplish the requirements above is much appreciated.
SQL Server | Other
{count} votes
-
CathyJi-MSFT 22,401 Reputation points Microsoft External Staff2022-03-25T02:18:50.49+00:00 Hi @cenko2 ,
Any update for this thread? Did the replies could help you? If a response helped, do "Accept Answer". If they all not help, please let us know.
Sign in to comment
Answer accepted by question author
-
Erland Sommarskog 128.7K Reputation points MVP Volunteer Moderator2022-03-22T22:33:20.367+00:00 -
cenko2 41 Reputation points
2022-03-25T14:09:15.277+00:00 Running the queries above, we found out there are database and server level triggers that prevent us from creating a table without the VIEW SERVER STATE permission. For our purpose, we need to grant this permission.
Sign in to comment -
4 additional answers
Sort by: Most helpful
-
Erland Sommarskog 128.7K Reputation points MVP Volunteer Moderator
2022-03-22T22:07:12.827+00:00 Apparently sqlpackage performs an action which requires VIEW SERVER STATE. That's a server-level permission which does not come with CREATE permissions on a schema.
What action sqlpackage is attempting to perform, I don't know, and I don't use sqlpackage myself. But you could use Profiler to spy on it. Capture the events RPC:Starting, SQL:BatchStarting and Error:Exception.
-
cenko2 41 Reputation points
2022-03-22T22:28:08.213+00:00 Thanks for your response, @Erland Sommarskog .
But I was not using sqlpackage.exe to create the table, just running a simple CREATE TABLE statement on SSMS logged on as the user.
-
cenko2 41 Reputation points
2022-03-22T22:41:34.967+00:00 I ran the queries above and you are right, there are triggers in the database and server.
Thank you!
-
CathyJi-MSFT 22,401 Reputation points Microsoft External Staff
2022-03-23T07:25:02.14+00:00 Hi @cenko2 ,
VIEW SERVER STATE Permission is high level server-level privilege which must not be granted to everybody. Only administrators must have privilege to use view server state permission but we can assign this permission to some users who want to see server level state of your SQL Server instance.
According to your error message, the login you are using to execute the script doesn’t have this permission. To fix this issue we will use admin account to grant view server state permission to the login name.
USE MASTER GO GRANT VIEW SERVER STATE TO [username]
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
-
cenko2 41 Reputation points
2022-03-25T14:12:09.197+00:00 Thank you for your reply @CathyJi-MSFT . We granted this permission to the user after finding out the there are database and server level triggers preventing the user to create a table.
Sign in to comment -